Google has released a new Windows web browser called 'Chrome' but on its first day as a Beta release, a security researcher has already discovered a 'carpet-bombing' vulnerability that could expose Windows users of the new browser to serious security attacks. This is the same vulnerability that was originally discovered in Apple’s Safari browser four months ago.
In May 2008, Microsoft issued a Microsoft Security Advisory (953818) urging Windows users not to use Apple's web browser. It is unclear whether Microsoft will do the same for Windows users of Chrome browser. Apple patched the flaw with Safari v3.1.2 in June and Safari is now secure from that flaw.
Hackers could exploit carpet-bombing flaw and combine two vulnerabilities “…a flaw in Apple Safari's WebKit and a Java bug to trick users into launching a malicious executable file directly from the new browser.”
However, 'Chrome' is still in the early beta stage, bugs and security vulnerabilities are certain to be discovered and reported in the coming days or weeks. Early adopter 'Chrome' users should be cautious about what they look at with the new browser whilst it is in the Beta phase of testing. In particular, steer clear of suspicious web sites to minimise the chances of being attacked by pop-up downloads, dialers and viruses. Google is expected to issue a patch for the vulnerabilty soon as the Beta programme rolls forward.
W E B L I N K S
Palluxo:
Apple Safari Carpet Bomb Flaw Hits Google Chrome Browser : Palluxo! Mac Dose of All Things Apple
PC Magazine:
Google's Chrome, Apple's Safari Shared Vulnerability - News and Analysis by PC Magazine
Reply With Quote
Did you like this article? Share it with your favourite social network.